{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T05:26:21Z","timestamp":1769059581040,"version":"3.49.0"},"reference-count":36,"publisher":"Emerald","issue":"3","license":[{"start":{"date-parts":[[2014,8,5]],"date-time":"2014-08-05T00:00:00Z","timestamp":1407196800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014,8,5]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-heading\">Purpose<\/jats:title><jats:p>\u2013 The purpose of this paper is to investigate the association of lack of awareness and human factors and the association of lack of awareness and significant attacks that threat computer security in higher education.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title><jats:p>\u2013 Five human factors and nine attacks are considered to investigate their relationship. A field research is conducted on Greek employees in higher education to identify the human factors that affect information security. The sample is consisted of 103 employees that use computers at work. Pearson correlation analysis between lack of awareness and nine (9) computer security risks is performed.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Findings<\/jats:title><jats:p>\u2013 Examining the association of lack of awareness with these attacks that threat the security of computers, all nine factors of important attacks exert significant and positive effect, apart from phishing. Considering the relationship of lack of awareness to human factors, all five human factors used are significantly and positively correlated with lack of awareness. Moreover, all nine important attacks, apart from one, exert a significant and positive effect.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Research limitations\/implications<\/jats:title><jats:p>\u2013 The paper extends understanding of the relationship of the human factors, the lack of awareness and information security. The study has focused on employees of the Technological Educational Institute (TEI) of Athens, namely, teachers, administrators and working post-graduate students.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title><jats:p>\u2013 The paper has used weighted factors based on data collection in higher education to calculate a global index for lack of awareness, as the result of the weighted aggregation of nine (9) risks, and extends the analysis performed in the literature to evaluate the effectiveness of security awareness in computer risk management.<\/jats:p><\/jats:sec>","DOI":"10.1108\/jsit-01-2014-0007","type":"journal-article","created":{"date-parts":[[2014,8,29]],"date-time":"2014-08-29T03:32:37Z","timestamp":1409283157000},"page":"210-221","source":"Crossref","is-referenced-by-count":21,"title":["Human factor and information security in higher education"],"prefix":"10.1108","volume":"16","author":[{"given":"Efthymia","family":"Metalidou","sequence":"first","affiliation":[]},{"given":"Catherine","family":"Marinagi","sequence":"first","affiliation":[]},{"given":"Panagiotis","family":"Trivellas","sequence":"first","affiliation":[]},{"given":"Niclas","family":"Eberhagen","sequence":"first","affiliation":[]},{"given":"Georgios","family":"Giannakopoulos","sequence":"first","affiliation":[]},{"given":"Christos","family":"Skourlas","sequence":"first","affiliation":[]}],"member":"140","reference":[{"key":"key2020123000114204500_b1","doi-asserted-by":"crossref","unstructured":"Ahmed, F. and Siyal, M.Y. (2005), \u201cA novel approach for regenerating a private key using password, fingerprint and smart card\u201d, Information Management & Computer Security, Vol. 13 No. 1, pp. 39-54.","DOI":"10.1108\/09685220510582665"},{"key":"key2020123000114204500_b2","doi-asserted-by":"crossref","unstructured":"Arce, I. (2003), \u201cThe weakest link revisited\u201d, IEEE Security and Privacy, Vol. 1 No. 2, pp. 72-76.","DOI":"10.1109\/MSECP.2003.1193216"},{"key":"key2020123000114204500_b3","unstructured":"Badie, N. and Lashkari, A.H. (2012), \u201cA new evaluation criteria for effective security awareness in computer risk management based on AHP\u201d, Journal of Basic and Applied Scientific Research, Vol. 2 No. 9, pp. 9331-9347."},{"key":"key2020123000114204500_b5","unstructured":"Cripps, H. and Standing, C. (2012), \u201cBuilding patient trust in electronic health records\u201d, the Proceedings of the 1st Australian eHealth Informatics and Security Conference, Perth, pp. 9-15."},{"key":"key2020123000114204500_b6","unstructured":"Danchev, D. (2006), \u201cReducing \u2018human factor\u2019 mistakes\u201d, available at: www.windowsecurity.com\/articles\/Reducing_Human_Factor_Mistakes.html (accessed 3 July 2012)."},{"key":"key2020123000114204500_b7","unstructured":"Deloitte (2009), \u201c Protecting what matters\u201d, 6th Annual Global Security Survey, available at: www.deloitte.com\/assets\/Dcom-Shared%20Assets\/Documents\/us_fsi_GlobalSecuritySurvey_0209.pdf."},{"key":"key2020123000114204500_b9","unstructured":"European Security Forum (1993), Implementation Guide: How to Make your Organization aware of IT Security, European Security Forum, London."},{"key":"key2020123000114204500_b11","unstructured":"Gonzalez, J. and Sawicka, A. (2002), \u201cA Framework for Human Factors in Information Security\u201d, WSEAS International Conference on Information Security, Rio de Janeiro, Brasil, available at: http:\/\/www.wseas.us\/e-library\/conferences\/brazil2002\/papers\/448-187.pdf"},{"key":"key2020123000114204500_b12","unstructured":"Hinson, G. (2003), \u201cHuman factors in information security\u201d, IsecT Ltd, available at: www.noticebored.com\/NB_White_paper_on_human_factors_v5.pdf (accessed 2 August 2012)."},{"key":"key2020123000114204500_b14","unstructured":"Kahraman, E. (2005), \u201cEvaluating IT security performance with quantifiable metrics\u201d, Master\u2019s thesis, DSV SU\/KTH."},{"key":"key2020123000114204500_b15","doi-asserted-by":"crossref","unstructured":"Kearney, P. (2010), Security: The Human Factor, IT Governance Publishing, Cambridgeshire.","DOI":"10.2307\/j.ctt5hh5gj"},{"key":"key2020123000114204500_b16","doi-asserted-by":"crossref","unstructured":"Kraemer, S. and Carayon, P. (2003), \u201cA human factors vulnerability evaluation method for computer and information security\u201d, Proceedings of the Human Factors and Ergonomics Society Annual Meeting, Vol. 47 No. 12, pp. 1389-1393.","DOI":"10.1177\/154193120304701202"},{"key":"key2020123000114204500_b18","doi-asserted-by":"crossref","unstructured":"Kraemer, S. , Carayon, P. and Clem, J. (2009), \u201cHuman and organizational factors in computer and information security: pathways to vulnerabilities\u201d, Computers and Security, Vol. 28 No. 7, pp. 509-520.","DOI":"10.1016\/j.cose.2009.04.006"},{"key":"key2020123000114204500_b19","doi-asserted-by":"crossref","unstructured":"Kruger, H. and Kearney, W.D. (2006), \u201cA prototype for assessing information security awareness\u201d, Computers and Security, Vol. 25 No. 4, pp. 289-296.","DOI":"10.1016\/j.cose.2006.02.008"},{"key":"key2020123000114204500_b20","doi-asserted-by":"crossref","unstructured":"Kruger, H. , Drevin, L. and Steyn, T. (2007), \u201cEmail Security Awareness: A Practical Assessment of Employee Behaviour\u201d, Fifth World Conference on Information Security Education, Proceedings of the IFIP, June 2007, New York, Vol. 237, 33-40.","DOI":"10.1007\/978-0-387-73269-5_5"},{"key":"key2020123000114204500_b21","unstructured":"Layton, T.P. (2005), Information Security Awareness \u2013 The Psychology behind the Technology, AuthorHouse, Bloomington IN."},{"key":"key2020123000114204500_b22","unstructured":"Lieberman Software (2011), \u201c2011 survey of IT professionals password practices and outcomes\u201d, available at: www.liebsoft.com\/uploadedFiles\/wwwliebsoftcom\/MARCOM\/Press\/Content\/2011-Password-Survey.pdf (accessed 10 August 2012)."},{"key":"key2020123000114204500_b23","unstructured":"Maiwald, E. (2004), Fundamentals of Network Security, McGraw Hill, Burr Ridge, IL."},{"key":"key2020123000114204500_b24","unstructured":"Mitnik, K. and Simon, W. (2002), The Art of Deception, Wiley Publishing, New York."},{"key":"key2020123000114204500_b25","unstructured":"Moos, T. (2006), \u201cCisco-sponsored security survey of remote workers reveals the need for more user awareness\u201d, available at: www.ngkhai.net\/blog\/2006\/11\/15\/cisco-sponsored-security-survey-of-remote-workers-reveals-the-need-for-more-user-awareness\/ (accessed 3 July 2012)."},{"key":"key2020123000114204500_b26","unstructured":"Nguyen, A. (2011), \u201cFree pizza can help raise security awareness\u201d, Computer World, 20 April, available at: www.computerworlduk.com\/news\/security\/3275692\/free-pizza-can-help-raise-security-awareness\/ (accessed 10 August 2012)."},{"key":"key2020123000114204500_b27","doi-asserted-by":"crossref","unstructured":"Orshesky, C. (2003), \u201cBeyond technology \u2013 the human factor in business systems\u201d, Journal of Business Strategy, Vol. 24 No. 4, pp. 43-47.","DOI":"10.1108\/02756660310494872"},{"key":"key2020123000114204500_b28","unstructured":"Panko, R. (2004), Corporate Computer and Network Security, Englewood Cliffs, NJ, Prentice-Hall."},{"key":"key2020123000114204500_b30","unstructured":"Pfleeger, S. and Pfleeger, C. (2003), Security in Computing, 3rd ed. Upper Saddle River, NJ: Prentice Hall PTR."},{"key":"key2020123000114204500_b31","unstructured":"Sapronov, K. (2005), \u201cThe human factor and information security\u201d, available at: www.securelist.com\/en\/analysis?pubid=176195190 (accessed 12 July 2012)."},{"key":"key2020123000114204500_b32","unstructured":"Schneier, B. (2000), Secrets and Lies, John Wiley & Sons, New York, NY."},{"key":"key2020123000114204500_b33","doi-asserted-by":"crossref","unstructured":"Schultz, E. (2005), \u201cThe human factor in security\u201d, Computers and Security, Vol. 24 No. 6, pp. 425-426.","DOI":"10.1016\/j.cose.2005.07.002"},{"key":"key2020123000114204500_b34","doi-asserted-by":"crossref","unstructured":"Sheng, W. , Howells, G. , Fairhurst, M. , Deravi, F. and Chen, S. (2012), \u201cReliable and secure encryption key generation from fingerprints\u201d, Information Management & Computer Security, Vol. 20 No. 3, pp. 207-221.","DOI":"10.1108\/09685221211247307"},{"key":"key2020123000114204500_b35","doi-asserted-by":"crossref","unstructured":"Sherer, S.A. and Alter, S. (2004), \u201cInformation system risks and risk factors: are they mostly about information systems?\u201d, Communications of the Association for Information Systems, Vol. 14 No. 2, pp. 29-64.","DOI":"10.17705\/1CAIS.01402"},{"key":"key2020123000114204500_b36","doi-asserted-by":"crossref","unstructured":"Thomson, K. and Van Niekerk, J. (2012), \u201cCombating information security apathy by encouraging prosocial organisational behavior\u201d, Information Management & Computer Security, Vol. 20 No. 1, pp. 39-46.","DOI":"10.1108\/09685221211219191"},{"key":"key2020123000114204500_frd1","doi-asserted-by":"crossref","unstructured":"Cresswell, A. and Hassan, S. (2007), \u201cOrganizational impacts of cyber security provisions: a sociotechnical framework\u201d, 40th Hawaii International Conference on Systems Sciences, Waikoloa, HI.","DOI":"10.1109\/HICSS.2007.418"},{"key":"key2020123000114204500_frd2","doi-asserted-by":"crossref","unstructured":"Dhillon, G. and Backhouse, J. (2001), \u201cCurrent directions in IS security research: towards socio- organizational perspectives\u201d, Information Systems Journal, Vol. 11 No. 2, pp. 127-153.","DOI":"10.1046\/j.1365-2575.2001.00099.x"},{"key":"key2020123000114204500_frd3","doi-asserted-by":"crossref","unstructured":"Furnell, S. (2007), \u201cMaking security usable: are things improving?\u201d, Computers and Security, Vol. 26 No. 6, pp. 434-443.","DOI":"10.1016\/j.cose.2007.06.003"},{"key":"key2020123000114204500_frd4","unstructured":"Hosmerm, D.W.Jr and Lemeshow, S. (1989), Applied Logistic Regression, John Wiley & Sons, New York, NY."},{"key":"key2020123000114204500_frd5","unstructured":"Kraemer, S. and Carayon, P. (2007), Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists, Applied Ergonomics, Vol. 38 No. 2, pp. 143-154."},{"key":"key2020123000114204500_frd6","unstructured":"Parsons, K. , McCormac, A. , Butavicius, M. and Ferguson, L. (2010), \u201cHuman factors and information security: individual\u201d, Culture and Security Environment, DSTO, Edinburgh South Australia."}],"container-title":["Journal of Systems and Information Technology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/JSIT-01-2014-0007","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/JSIT-01-2014-0007\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/JSIT-01-2014-0007\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,24]],"date-time":"2025-07-24T22:23:34Z","timestamp":1753395814000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/jsit\/article\/16\/3\/210-221\/249608"}},"subtitle":[],"editor":[{"given":"Professor","family":"Georgios Giannakopoulos and Professor Damianos Sakas","sequence":"first","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2014,8,5]]},"references-count":36,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2014,8,5]]}},"alternative-id":["10.1108\/JSIT-01-2014-0007"],"URL":"https:\/\/doi.org\/10.1108\/jsit-01-2014-0007","relation":{},"ISSN":["1328-7265"],"issn-type":[{"value":"1328-7265","type":"print"}],"subject":[],"published":{"date-parts":[[2014,8,5]]}}}